Am I been too cautious

[Tal]

Apologizes if this is a stupid question, but I'm new and know nothing really about Android.

My smartphone of choice for the last 2 years has been the iPhone. But I am now wanting a change, basically getting a little sick of the restrictions Apple impose on their devices etc and like the freedom of customisation of Android.

Has you will know Apple has strict vetting for their apps etc and as such the apps are very secure/safe.

Just reading through various things on the net about Android/apps. I hear people saying that the app has got hold of sensitive data? such as email addresses, Facebook logins. I also hear some people saying that some Android apps can cause unexplainable high battery usage, whether that is just badly written apps I'm not sure.

The above worries/concerns I have raised, I have never had these with the apps for my iPhone. Have I cause to be paranoid, or have I nothing to worry about, what's your opinions?

 

[Gretho]

Hi there,

I'm just some guy who only got in touch with a smartphone several weeks ago.
The SGS2 was my first smartphone.

So far I've done quite some messing around and I have a ton of apps installed. I usually check how many downloads there are, if there are comments (pos/neg) and how the information box is written (decent English or just crap) and naturally I try to pick the apps that seem well written, popular and decent in quality.

I've had no problems at all with the apps I downloaded using this method of selection, but I have indeed heard some stories about high battery usage etc. I guess if you're just a tad bit careful with what you do, you'll be just fine.

 

[ardchoille]

One of the last things you will see before an app installs from the android market is a page showing which permissions that app has. Pay close attention to this screen as it will help you identify what that app is allowed to do.

For instance, a flashlight app really has no business connecting to the internet so a flashlight app with internet permissions should throw a big red flag in your mind. I would do a lot of research before installing an app like that.. if I install it at all.

And I won't install anything outside of the android market because you never know what it actually does.

For more information, follow the "Beginner's Guide to using Android" link in my signature.

 

[Tal]

One of the last things you will see before an app installs from the android market is a page showing which permissions that app has. Pay close attention to this screen as it will help you identify what that app is allowed to do.

For instance, a flashlight app really has no business connecting to the internet so a flashlight app with internet permissions should throw a big red flag in your mind. I would do a lot of research before installing an app like that.. if I install it at all.

And I won't install anything outside of the android market because you never know what it actually does.

For more information, follow the "Beginner's Guide to using Android" link in my signature.

Thanks very much for the useful information. I never knew about:

'One of the last things you will see before an app installs from the android market is a page showing which permissions that app has. Pay close attention to this screen as it will help you identify what that app is allowed to do'.

I think if I follow your advice then I should be OK.

Also, if I look at the page that appears before the app is installed and for some reason or other I don't agree with the information/permissions the app has, then I simple wouldn't download it.

I presume that the apps that are downloaded through the Android Market, are tested by Google to ensure that the permissions that are shown on the page before you install are indeed true and that the app isnt getting permission to do something, which was not mentioned on the page before installation?

 

[Tal]

Hi there,

I'm just some guy who only got in touch with a smartphone several weeks ago.
The SGS2 was my first smartphone.

So far I've done quite some messing around and I have a ton of apps installed. I usually check how many downloads there are, if there are comments (pos/neg) and how the information box is written (decent English or just crap) and naturally I try to pick the apps that seem well written, popular and decent in quality.

I've had no problems at all with the apps I downloaded using this method of selection, but I have indeed heard some stories about high battery usage etc. I guess if you're just a tad bit careful with what you do, you'll be just fine.

Thanks for the help, its much appreciated. I think if I follow your advice and ardchoille advice, then I shouldn't go wrong.

 

[ardchoille]

Thanks very much for the useful information. I never knew about:

'One of the last things you will see before an app installs from the android market is a page showing which permissions that app has. Pay close attention to this screen as it will help you identify what that app is allowed to do'.

I think if I follow your advice then I should be OK.

Also, if I look at the page that appears before the app is installed and for some reason or other I don't agree with the information/permissions the app has, then I simple wouldn't download it.

I presume that the apps that are downloaded through the Android Market, are tested by Google to ensure that the permissions that are shown on the page before you install are indeed true and that the app isnt getting permission to do something, which was not mentioned on the page before installation?

No, Google doesn't test apps. However, these permissions, which are assigned at compile time, are listed in the app manifest. When the developer uploads their app to the android market, the market inspects the app and lists everything that app is allowed to do. This way the developer cannot "hide" permissions.

Also, if an app is found to be malicious, Google can pull that app from the market AND uninstall the app from our phones. They'll let us know before doing so but it's good that Google can control things like that.

Each android app runs in its own sandbox and apps cannot control other apps unless two or more apps are specifically written to interact. This keeps one app from "infecting" other apps.

 

[Tal]

No, Google doesn't test apps. However, these permissions, which are assigned at compile time, are listed in the app manifest. When the developer uploads their app to the android market, the market inspects the app and lists everything that app is allowed to do. This way the developer cannot "hide" permissions.

Also, if an app is found to be malicious, Google can pull that app from the market AND uninstall the app from our phones. They'll let us know before doing so but it's good that Google can control things like that.

Each android app runs in its own sandbox and apps cannot control other apps unless two or more apps are specifically written to interact. This keeps one app from "infecting" other apps.

Or that's nice to know, puts my mind at rest and answers some concerns I had. I agree that's its good that Google can uninstall apps from phones, if they are malicious.

Thanks very much for the VERY useful information you have provided and I really appreciate the help.

 

[five]

.. these permissions, which are assigned at compile time, are listed in the app manifest. When the developer uploads their app to the android market, the market inspects the app and lists everything that app is allowed to do. This way the developer cannot "hide" permissions.

Hi. I'm an Android new comer and this is what I believed too. I got a big fright today when I discovered that this isnt the case. I'm not too keen on apps getting my Phone ID (without good reason).

I looked at GPS Status & Toolbox (look at the permissions listed) and I was happy to get it. When I installed it I got big shock to see that it does access Phone ID. Yet it did not declare it on Market.




I did a quick inventory of my apps and discovered that 3 other apps (gUnit Lite, Hertz, Missed Reminders) have this Phone ID permission when installed but don't declare it on the Market.

I can't tell you how p*ssed I was to discover that. My complete 'trust' and 'safety/privacy strategy' was based entirely on the idea that permissions can't be hidden or spoofed.

I am very disillusioned with permissions.

 

[Tal]

Erm, thanks for that Five, very interesting.

 

[adamantell]

imo

Dont worry about it, shit happens for a reason,

Remember this one thing, nothing in life is FREE, if the app does a lot for nothing it is doing more then you see

Thats how I see it be careful read full write up before you download/install ive been ok so far

 

[Tal]

Thanks for the help, its appreciated.

I'm normally cautious with most things, especially shopping online, I would rather pay a little more and purchase something from an online store that had more stars shown for its rating, than a lesser starred store and the product been cheaper there.

Like you say, nothing is free. If it is free and appears to do a lot, then I probably wouldn't download, unless the reviews were excellent and didn't mention any security issues or the like.

I suppose I've been protected more than I've needed to be with been an iPhone/iTunes user

 

[lotus49]

Sadly, no-one is safe regardless of what mobile OS they are using.

Android is at least specific about the permissions and one can always check these. However, many applications appear to request much wider permissions than one would expect and I am starting to become inured to the warnings. Consequently, while I think it is good to be warned, I'm not convinced that the warnings will really make much practical difference.

The App Store is better policed and there is better quality control than the Market and the average quality of the apps is higher but this doesn't give any real protection either. It just isn't possible for any effective testing to be done by either Google or Apple. Firstly because of the sheer volume of apps but also because hiding malicious activity just isn't that hard.

I exercise the same sort of caution that I do when buying products online. Read the reviews, think about who is selling it (a well-known software developer or someone you have never heard of who popped up two days ago), consider how risky it is (can it make calls, does it have access to your credit card number) and so on.

Be careful and sensible and you will be all right.





Probably...

 

[Tal]

Sadly, no-one is safe regardless of what mobile OS they are using.

Android is at least specific about the permissions and one can always check these. However, many applications appear to request much wider permissions than one would expect and I am starting to become inured to the warnings. Consequently, while I think it is good to be warned, I'm not convinced that the warnings will really make much practical difference.

The App Store is better policed and there is better quality control than the Market and the average quality of the apps is higher but this doesn't give any real protection either. It just isn't possible for any effective testing to be done by either Google or Apple. Firstly because of the sheer volume of apps but also because hiding malicious activity just isn't that hard.

I exercise the same sort of caution that I do when buying products online. Read the reviews, think about who is selling it (a well-known software developer or someone you have never heard of who popped up two days ago), consider how risky it is (can it make calls, does it have access to your credit card number) and so on.

Be careful and sensible and you will be all right.





Probably...

Thanks for the useful advice, its appreciated

 

[carajp]

I'd agree with all the advice being given.

My first rule is not to be one of the first people to try a new app. Let others find out the hard way first, if it's a bad one. If thousands of people have downloaded it, I figure there are enough serious-time Android geeks out there for someone to have spotted something.

I also stick to Android Market. This also means that any new phone that's Android in the future will have all your favourite apps downloaded to it by Google (they ask your permission - but why would you say no??)

You do need to watch some of the widgets for power use though. There isn't any quality control and a poorly written widget can suck a lot of power. I've only had one that turned out to be a problem and it wasn't terrible, as such, but I just found another app which did what I wanted in a slightly different way.

 

[Tal]

I'd agree with all the advice being given.

My first rule is not to be one of the first people to try a new app. Let others find out the hard way first, if it's a bad one. If thousands of people have downloaded it, I figure there are enough serious-time Android geeks out there for someone to have spotted something.

I also stick to Android Market. This also means that any new phone that's Android in the future will have all your favourite apps downloaded to it by Google (they ask your permission - but why would you say no??)

You do need to watch some of the widgets for power use though. There isn't any quality control and a poorly written widget can suck a lot of power. I've only had one that turned out to be a problem and it wasn't terrible, as such, but I just found another app which did what I wanted in a slightly different way.

Thanks for the advice its most helpful.

What's the difference between a widget and an app?

I think I would try and keep the widgets down to a minimum, I don't want the screen to look too crowded/busy. Perhaps just having the date & time and see how it goes from there. Thanks again

 

[Gearu]

Also, for browsing apps, www.AppBrain.com is much easier to use on your PC than using the market on your phone.
Be sure to get an app called 'barcode scanner' through the market first though, you can use this app which uses the camera to scan QR codes (the square barcode matrix thing) of apps on the appbrain site (you click 'install' on the app page to see the QR code) and it will automatically whip you to that app in the market (after you press 'open browser' after the scan), saving you from manually opening the market app and trawling through apps.